# Sandboxes

Run code an agent wrote — code you did not write and cannot fully trust — without giving it the host filesystem, network, or processes.

## Why sandboxes matter

Giving an agent a shell is one of the most useful capabilities you can grant, and one of the most dangerous. Sandboxes make that capability safe to expose by keeping execution inside an isolated environment. In Everruns, a sandbox is attached as a [capability](/platform/capabilities), so the durable execution model stays the same no matter which one you choose.

## In-process: Bashkit

[Bashkit](/products/bashkit) is the default agent sandbox. It is a virtual Bash interpreter with an in-process virtual filesystem — no containers, no subprocesses. Scripts run real Bash syntax against an isolated filesystem with more than 150 built-in commands, and interpreter state persists across calls so a session builds up context. It is the fastest, lowest-overhead option and needs no external service.

## Cloud sandboxes

When an agent needs a full operating system, language runtime, or network access, Everruns connects to cloud sandbox providers through the [integrations](/platform/integrations) layer:

- **[Daytona](https://docs.everruns.com/integrations/daytona/)** — cloud sandbox environments via the Daytona REST API
- **[E2B](https://docs.everruns.com/integrations/e2b/)** — cloud sandboxes via the E2B management and runtime APIs
- **[Deno](https://docs.everruns.com/integrations/deno/)** — cloud sandboxes via the Deno WebSocket sandbox API
- **[Docker](https://docs.everruns.com/integrations/container-sandbox/)** — self-hosted container sandboxes via the Docker Engine
- **[Sprites](https://docs.everruns.com/integrations/sprites/)** — persistent Firecracker microVMs with checkpoints and HTTP services

## Choosing one

- Reach for **Bashkit** when agents mostly run shell commands and text processing and you want zero infrastructure.
- Reach for a **cloud sandbox** when agents need a real runtime, package installs, long-lived services, or stronger isolation from the host.

Because each sandbox is a capability, you can attach a different one per harness, agent, or session without changing the agent definition.

## Related

- [Bashkit](/products/bashkit) — the in-process virtual Bash sandbox
- [Capabilities](/platform/capabilities) — how sandboxes are attached to agents
- [Integrations](/platform/integrations) — the cloud sandbox providers Everruns supports
- [Integrations docs](https://docs.everruns.com/integrations/) — setup and tool reference for each sandbox